Suppose there are two clients, a Mac and a Windows machine, named ClientMac and ClientWin respectively.
As before, we continue working as root.
    debian:/etc/openvpn/easy-rsa# ./build-key-pass ClientMac (or ClientWin)
    Generating a 1024 bit RSA private key
    ..............++++++
    ....................++++++
    writing new private key to 'ClientMac.key' (or 'ClientWin.key')
    Enter PEM pass phrase: (the passphrase for accessing the private key. Minimum 4 characters. Apparently it can be changed, but I'm not sure how…)
    Verifying - Enter PEM pass phrase: (same as above)
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [**]:
    State or Province Name (full name) [**]:
    Locality Name (eg, city) [**]:
    Organization Name (eg, company) [**]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:ClientMac (or ClientWin)
    Email Address [**@**]:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: (if you want to require a password when starting OpenVPN in client mode)
    An optional company name []: (same as above)
    Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'**'
    stateOrProvinceName :PRINTABLE:'**'
    localityName :PRINTABLE:'**'
    organizationName :PRINTABLE:'**'
    commonName :PRINTABLE:'ClientMac' (or 'ClientWin')
    emailAddress :IA5STRING:'**@**'
    Certificate is to be certified until Jan 13 07:33:33 2018 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
At this point, the keys directory looks like this:

    debian:/etc/openvpn/easy-rsa# ls -l keys
    total 84
    -rw-r--r-- 1 root root 3660 Jan 16 14:58 01.pem
    -rw-r--r-- 1 root root 3554 Jan 16 16:32 02.pem
    -rw-r--r-- 1 root root 3560 Jan 16 16:33 03.pem
    -rw-r--r-- 1 root root 3560 Jan 16 16:33 ClientMac.crt (ClientMac certificate)
    -rw-r--r-- 1 root root  737 Jan 16 16:33 ClientMac.csr
    -rw------- 1 root root  963 Jan 16 16:33 ClientMac.key (ClientMac private key)
    -rw-r--r-- 1 root root 1261 Jan 16 14:29 ca.crt (CA certificate)
    -rw------- 1 root root  887 Jan 16 14:29 ca.key (CA private key)
    -rw-r--r-- 1 root root  245 Jan 16 16:22 dh1024.pem (DH parameters)
    -rw-r--r-- 1 root root  283 Jan 16 16:33 index.txt
    -rw-r--r-- 1 root root   20 Jan 16 16:33 index.txt.attr
    -rw-r--r-- 1 root root   20 Jan 16 16:32 index.txt.attr.old
    -rw-r--r-- 1 root root  188 Jan 16 16:32 index.txt.old
    -rw-r--r-- 1 root root 3554 Jan 16 16:32 ClientWin.crt (ClientWin certificate)
    -rw-r--r-- 1 root root  729 Jan 16 16:31 ClientWin.csr
    -rw------- 1 root root  963 Jan 16 16:31 ClientWin.key (ClientWin private key)
    -rw-r--r-- 1 root root    3 Jan 16 16:33 serial
    -rw-r--r-- 1 root root    3 Jan 16 16:32 serial.old
    -rw-r--r-- 1 root root 3660 Jan 16 14:58 server.crt (server certificate)
    -rw-r--r-- 1 root root  672 Jan 16 14:57 server.csr
    -rw------- 1 root root  891 Jan 16 14:57 server.key (server private key)
Copy ClientMac.crt and ClientMac.key to ClientMac, and ClientWin.crt and ClientWin.key to ClientWin. Also copy ca.crt to each of them.
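
The copy step above, as an added shell example that is not part of the original page: `stage_client` is a hypothetical helper that stages exactly the three files one client needs and refuses to proceed if that client's private key is readable by group or others. The keys directory and output directory are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original page. stage_client is a hypothetical helper.
# Usage: stage_client KEYS_DIR CLIENT OUT_DIR
# Stages CLIENT.crt, CLIENT.key and ca.crt under OUT_DIR/CLIENT for transfer.
stage_client() {
    keys_dir=$1 client=$2 out_dir=$3

    # Accept plain client names only. "ca" and "server" (names from the
    # listing above) are refused so ca.key / server.key can never be staged.
    case $client in
        ''|*/*|.*|ca|server)
            echo "refusing client name '$client'" >&2; return 2 ;;
    esac

    for f in "$client.crt" "$client.key" ca.crt; do
        [ -f "$keys_dir/$f" ] || { echo "missing: $keys_dir/$f" >&2; return 1; }
    done

    # The private key must be owner-only, like the -rw------- entries in the
    # listing: characters 5-10 of the ls mode string are group and other bits.
    perms=$(ls -ld "$keys_dir/$client.key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$client.key is accessible to group/others ($perms)" >&2
        return 1
    fi

    # Copy with a restrictive umask so the staged copies are owner-only too.
    dest=$out_dir/$client
    ( umask 077
      mkdir -p "$dest" &&
      cp "$keys_dir/$client.crt" "$keys_dir/$client.key" \
         "$keys_dir/ca.crt" "$dest/" ) || return 1

    echo "$dest"
}

# Run directly: sh stage_client.sh KEYS_DIR CLIENT OUT_DIR
if [ $# -eq 3 ]; then
    stage_client "$@"
fi
```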